Can create a cert with no serial number?

Hubert Kario hkario at redhat.com
Thu Jun 1 12:17:45 UTC 2023


On Thursday, 1 June 2023 03:55:48 CEST, Viktor Dukhovni wrote:
> On Wed, May 31, 2023 at 09:21:07PM -0400, Robert Moskowitz wrote:
>
>> openssl rand -hex 1 > $dir/serial
>
> Don't do that.  You'll quickly create collisions.
> Initialise the serial number to 1 more than the
> serial number of the issuing CA, and let it be
> auto-maintained thereafter.
>
> This assumes a sound digest algorithm is used, otherwise predictable
> serial numbers make it easier to mount collision attacks on the CA.
> Are you sure you actually need to squeeze out every last byte?
>
> Premature optimisation ...
>

Also, some implementations, like NSS, do assume uniqueness of the serial
number of a given CA (just like the RFC prescribes), and will break in
subtle ways if that is not maintained

So, if you use secure hash, predictable serial numbers are fine, but don't
require them to be 1 byte only, do allow for longer lengths.
-- 
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic



More information about the openssl-users mailing list